Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
4
Helpful
2
Replies

Access-list in PIX 506E

jclim
Level 1
Level 1

‎01-26-2006 01:47 AM - edited ‎02-21-2020 12:40 AM

Dear All,

I would like to block a single IP in the LAN (inside network )to access to the Internet. The following is the configuration

access-list inside_access_in deny tcp host 192.168.1.247 any

access-list inside_access_in permit tcp any any

access-group inside_access_in in interface inside

But instead on one IP address the access-list has block the entire LAN to access the Internet

Kindly advise what is wrong with the configuration.

Thank you

JC

0 Helpful
2 Replies 2

pkhatri
Level 11
Level 11

‎01-26-2006 01:54 AM

Hi JC,

Change the access-list to:

access-list inside_access_in deny ip host 192.168.1.247 any

access-list inside_access_in permit ip any any

You blocked all non-TCP with your initial config. This would have blocked DNS and nothing much would have worked.

Hope that helps - pls rate posts that help.

Regards,

Paresh

jclim
Level 1
Level 1
In response to pkhatri

‎01-26-2006 02:21 AM

Hi Raresh,

It's working now

TQ

JC

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card